delvingbitcoin
Combined summary - Disclosure: irrevocable fees---stealing from LN using revoked commitment transactions
The introduction of an upper limit on accepted feerate in the Lightning Development Kit (LDK) signifies a crucial advancement in addressing vulnerabilities associated with "irrevocable fees." This move, initiated in 2021, aimed to counter the risks posed by excessive trimmed HTLCs and dust HTLC exposure.
By setting a cap on the feerate from a channel counterparty, LDK enables a more straightforward calculation of msat denominated worst-case scenarios for dust HTLCs exposure under various conditions. The implementation of this feature, marked by a specific commit, underscores LDK's commitment to enhancing both security and operational efficiency within the network.
Further developments in securing transactions against fee-related vulnerabilities came with the introduction of the Validating Lightning Signer (VLS). VLS, since its pre-production release, incorporated a validate_fee()
function, scrutinizing proposed feerates against a predefined maximum per kiloweight unit (max_feerate_per_kw
). This feature is particularly designed to combat "miner-fee-siphoning attacks," reinforcing the security framework around fee structures. The max_feerate_per_kw
is set at 100 satoshi per virtual byte, offering flexibility through adjustable rates by operators to meet varying operational needs. Such measures represent proactive steps taken by developers to defend against evolving threats within the digital transaction space.
Older versions of major Lightning Network (LN) implementations, including Eclair, LDK, and LND, along with Core Lightning when improperly configured, were susceptible to attacks enabling significant fund misappropriation by miners. This vulnerability could allow up to 98% of a channel's funds to be diverted, posing risks not only from malicious actors but also under normal operational circumstances. Despite mitigation efforts by contemporary LN implementations, which include tightening fee bounds, the theoretical possibility of exploitation persists due to fluctuations in on-chain transaction fee estimates. Addressing this issue requires updates to both the LN protocol and Bitcoin's P2P transaction relay protocol, with recent releases aiming to reduce vulnerability scopes.
The identification of two primary attack vectors—Type 1 and Type 2.0, along with a Type 2.5 variant—highlights the complexity of managing offchain contract protocols' fee dynamics. Type 1 involves the irreversible allocation of excessive amounts to transaction fees, while Type 2.0 and 2.5 involve exploitation of non-deterministic estimation of onchain fees between channel participants. Current mitigation strategies focus on limiting the maximum amount allocable to transaction fees and suggest adopting static commitment fees to permanently eliminate such vulnerabilities. These solutions require comprehensive protocol upgrades, including the adoption of reliable package relay for Bitcoin and corresponding LN protocol adjustments.
The collaborative effort in discovering and disclosing this vulnerability among LN implementation maintainers emphasizes the intricate challenges in fee management within offchain contract protocols. It also showcases the ongoing initiatives within the Bitcoin and LN communities to simplify and strengthen the transaction fee management process, thereby contributing to the overall resilience and security of offchain payment channels.